We have launched our mobile app, get it now. Call : 9354229384, 9354252518, 9999830584.  

Current Affairs

Vulnerability in devices

Date: 04 March 2020 Tags: IT, Mobile & Computers

Issue

ESET, a Slovak cybersecurity firm, has for the last one year been working in collaboration with manufacturers of two specific WiFi chips, which were found to have been vulnerable to attack by hostile parties.

 

Background

Users having certain devices such as Amazon kindle, Echo or other handsets are vulnerable to hack as there is a chance that their device has been accessed or taken over by hackers, thanks to a recently discovered vulnerability in the WiFi chips used in these devices.

 

Details

  • The vulnerability named Kr00k was discovered while the firm was conducting research into KRACK, a series of attacks on WiFi devices that was detected last year.

  • In subsequent investigations, ESET discovered that WiFI chips manufactured by Broadcom ad Cypress had the Kr00k vulnerability.

  • Chips from both these companies have a high market share and are used in a wide range of WiFi-enabled devices.

  • The devices that tested positive for the vulnerability include the Amazon Echo (2nd generation), Amazon Kindle (8th generation), Apple iPad mini 2, Apple iPhone 6, 6s, 8 and XR, Apple MacBook Air Retina 13-inch 2018, Google Nexus 5, 6, and 6s, Raspberry Pi 3, Samsung Galaxy S4 GT-19505, Samsung Galaxy S8 and Xiaomi Redmi 3s, as well as some WiFi access points by Huawei and Asus.

  • Any device with a WiFi chip manufactured by these two companies is vulnerable to attack, as long as the device is connected to a WiFi network and the hacker is within the range of the same network.

  • Once a hacker gets access to any device for even a short period of time, they can do anything, including planting a malware or intercepting sensitive information that is being sent or received via the internet.

  • The Slovak firm states that the Kr00k vulnerability is triggered when the device in question experiences a disconnection with the network, called a “dissociation” in technical terms. The more concerning factor is that a dissociation can also be triggered manually.

  • It is only a matter of sending a high energy pulse to the server, which can cause a temporary dissociation, while the user thinks that this happened due to a weak signal.

  • A suitably designed malware can easily find its way to the user’s online storage space, like the Cloud, after which multiple possibilities, including data theft and financial crimes open up.